001

Table of Contents
 
Title Page
Copyright Page
Dedication
Acknowledgements
About the Authors
 
Table of Figures
Foreword
Introduction
About CWNA and CWNP
How to Become a CWNA
Who Should Buy This Book?
How to Use This Book and the CD
Exam Objectives
Assessment Test
Answers to Assessment Test
 
Chapter 1 - Overview of Wireless Standards, Organizations, and Fundamentals
 
History of WLAN
Standards Organizations
Core, Distribution, and Access
Communications Fundamentals
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 2 - Radio Frequency Fundamentals
 
What Is a Radio Frequency (RF) Signal?
Radio Frequency Characteristics
Radio Frequency Behaviors
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 3 - Radio Frequency Components, Measurements, and Mathematics
 
RF Components
Units of Power and Comparison
RF Mathematics
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 4 - Radio Frequency Signal and Antenna Concepts
 
Active and Passive Gain
Azimuth and Elevation Charts (Antenna Radiation Envelopes)
Interpreting Polar Charts
Beamwidth
Antenna Types
Visual Line of Sight
RF Line of Sight
Fresnel Zone
Earth Bulge
Antenna Polarization
Antenna Diversity
Multiple-Input Multiple-Output (MIMO)
Antenna Connection and Installation
Antenna Accessories
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 5 - IEEE 802.11 Standards
 
Overview of the IEEE 802.11 Standard
IEEE 802.11 Ratified Amendments
IEEE 802.11 Draft Amendments
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 6 - Wireless Networks and Spread Spectrum Technologies
 
Industrial, Scientific, and Medical (ISM) Bands
Unlicensed National Information Infrastructure (UNII) Bands
Narrowband and Spread Spectrum
Frequency Hopping Spread Spectrum (FHSS)
Direct Sequence Spread Spectrum (DSSS)
Packet Binary Convolutional Code (PBCC)
Orthogonal Frequency Division Multiplexing (OFDM)
2.4 GHz Channels
5 GHz Channels
Adjacent, Nonadjacent, and Overlapping Channels
Throughput vs. Bandwidth
Communication Resilience
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 7 - Wireless LAN Topologies
 
Wireless Networking Topologies
802.11 Topologies
802.11 Configuration Modes
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 8 - 802.11 Medium Access
 
CSMA/CA vs. CSMA/CD
Distributed Coordination Function (DCF)
Point Coordination Function (PCF)
Hybrid Coordination Function (HCF)
Block Acknowledgment (BA)
Wi-Fi Multimedia (WMM)
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 9 - 802.11 MAC Architecture
 
Packets, Frames, and Bits
Data-Link Layer
Physical Layer
802.11 and 802.3 Interoperability
Three 802.11 Frame Types
Beacon Management Frame (Beacon)
Passive Scanning
Active Scanning
Authentication
Association
Authentication and Association States
Basic and Supported Rates
Roaming
Reassociation
Disassociation
Deauthentication
ACK Frame
Fragmentation
Protection Mechanism
RTS/CTS
CTS-to-Self
Data Frames
Power Management
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 10 - Wireless Devices
 
Wireless LAN Client Devices
Progression of WLAN Architecture
Specialty WLAN Infrastructure
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 11 - WLAN Deployment and Vertical Markets
 
Corporate Data Access and End-User Mobility
Network Extension to Remote Areas
Bridging—Building-to-Building Connectivity
Wireless ISP (WISP)—Last-Mile Data Delivery
Small Office/Home Office (SOHO)
Mobile Office Networking
Educational/Classroom Use
Industrial—Warehousing and Manufacturing
Healthcare—Hospitals and Offices
Municipal Networks
Hotspots—Public Network Access
Transportation Networks
Law-Enforcement Networks
First-Responder Networks
Fixed Mobile Convergence
WLAN and Health
WLAN Vendors
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 12 - WLAN Troubleshooting
 
Layer 2 Retransmissions
802.11 Coverage Considerations
Capacity vs. Coverage
Voice vs. Data
Performance
Weather
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 13 - 802.11 Network Security Architecture
 
802.11 Security Basics
Legacy 802.11 Security
Robust Security
Segmentation
Infrastructure Security
VPN Wireless Security
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 14 - Wireless Attacks, Intrusion Monitoring, and Policy
 
Wireless Attacks
Intrusion Monitoring
Wireless Security Policy
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 15 - Radio Frequency Site Survey Fundamentals
 
WLAN Site Survey Interview
Documents and Reports
Vertical Market Considerations
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 16 - Site Survey Systems and Devices
 
Site Survey Defined
Site Survey Tools
Coverage Analysis
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 17 - Power over Ethernet (PoE)
 
History of PoE
PoE Devices (Overview)
Planning and Deploying PoE
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
 
Chapter 18 - High Throughput (HT) and 802.11n
 
802.11n History
MIMO
HT Channels
HT PHY
HT MAC
HT Operation
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Appendix A - About the Companion CD
Appendix B - Abbreviations, Acronyms, and Regulations
Glossary
Index
CWNA: Certified Wireless Network Administrator Official Study Guide

Table of Figures
 
FIGURE 1.1 Wi-Fi logo
FIGURE 1.2 Wi-Fi Interoperability Certificate
FIGURE 1.3 This drawing shows the wavelength and amplitude of a wave.
FIGURE 1.4 This drawing shows two waves that are identical; however, they are 90 degrees out of phase with each other.
FIGURE 1.5 An example of amplitude-shift keying (ASCII code of an uppercase K)
FIGURE 1.6 An example of frequency-shift keying (ASCII code of an uppercase K)
FIGURE 1.7 An example of phase-shift keying (ASCII code of an uppercase K )
FIGURE 1.8 An example of multiple phase-shift keying (ASCII code of an uppercase K )
FIGURE 2.1 Electromagnetic spectrum
FIGURE 2.2 A sine wave
FIGURE 2.3 Wavelength
FIGURE 2.4 750 KHz wavelength and 252 GHz wavelength
FIGURE 2.5 2.45 GHz wavelength and 5.775 GHz wavelength
FIGURE 2.6 Wavelength formulas
FIGURE 2.7 Frequency
FIGURE 2.8 Amplitude
FIGURE 2.9 Phase
FIGURE 2.10 Propagation analogy
FIGURE 2.11 Reflection analogy
FIGURE 2.12 Scattering analogy
FIGURE 2.13 Refraction
FIGURE 2.14 Diffraction analogy
FIGURE 2.15 Multipath
FIGURE 2.16 Data corruption ISI
FIGURE 2.17 RF signal measurement tools
FIGURE 3.1 RF components
FIGURE 3.2 Link budget components
FIGURE 3.3 Point-to-point link budget gain and loss
FIGURE 3.4 Office link budget gain and loss
FIGURE 4.1 Azimuth and elevation charts
FIGURE 4.2 Logarithmic/linear comparison
FIGURE 4.3 Omnidirectional polar chart (E-plane)
FIGURE 4.4 Directional polar chart (E-plane)
FIGURE 4.5 Antenna beamwidth
FIGURE 4.6 Beamwidth calculation
FIGURE 4.7 Vertical radiation patterns of omnidirectional antennas
FIGURE 4.8 Half-wave dipole antenna
FIGURE 4.9 Improperly installed omnidirectional antenna
FIGURE 4.10 The exterior of a patch antenna and the internal antenna element
FIGURE 4.11 The exterior of a Yagi antenna and the internal antenna element
FIGURE 4.12 Radiation pattern of a typical semidirectional panel antenna
FIGURE 4.13 Grid antenna
FIGURE 4.14 Sectorized array
FIGURE 4.15 Fresnel zone
FIGURE 4.16 60 percent and 100 percent Fresnel zone clearances
FIGURE 4.17 Point-to-point communication with potential obstacle
FIGURE 4.18 Calculating antenna height
FIGURE 4.19 Access point with antenna diversity
FIGURE 4.20 Coaxial cable attenuation chart
FIGURE 4.21 Installation of lightning protection equipment
FIGURE 4.22 Grounding ring
FIGURE 5.1 Access point, dual radio cards
FIGURE 5.2 802.11d settings
FIGURE 5.3 Roaming
FIGURE 5.4 Roaming-distribution system medium
FIGURE 5.5 Mesh points, mesh APs and mesh portal
FIGURE 6.1 Overlay of narrowband and spread spectrum frequency use
FIGURE 6.2 FHSS components
FIGURE 6.3 802.11 Channels and OFDM subcarriers
FIGURE 6.4 Subcarrier signal overlay
FIGURE 6.5 2.4 GHz channel overlay diagram
FIGURE 6.6 HR-DSSS center frequencies
FIGURE 6.7 IEEE 802.11b transmit spectrum mask
FIGURE 6.8 Sideband carrier frequency interference
FIGURE 6.9 UNII channel overview
FIGURE 6.10 OFDM spectrum mask
FIGURE 7.1 A cellular networking card
FIGURE 7.2 Bluetooth communications
FIGURE 7.3 Distribution system medium
FIGURE 7.4 Wireless distribution system, single radio
FIGURE 7.5 Wireless distribution system, dual radios
FIGURE 7.6 Repeater cell
FIGURE 7.7 WDS frame header
FIGURE 7.8 Service set identifier
FIGURE 7.9 Basic service set
FIGURE 7.10 Basic service set identifier
FIGURE 7.11 Basic service area
FIGURE 7.12 Extended service set, seamless roaming
FIGURE 7.13 Extended service set, nomadic roaming
FIGURE 7.14 Extended service set, colocation
FIGURE 7.15 SSID and BSSIDs within an ESS
FIGURE 7.16 Independent basic service set
FIGURE 7.17 Access point configuration modes
FIGURE 7.18 Client station configuration modes
FIGURE 8.1 SIFS and DIFS
FIGURE 8.2 Duration/ID field
FIGURE 8.3 Duration value of SIFS + ACK
FIGURE 8.4 Virtual carrier-sense
FIGURE 8.5 Contention window length
FIGURE 8.6 EDCA and 802.1D priority tags
FIGURE 8.7 Immediate Block acknowledgment
FIGURE 9.1 802.11 MPDU
FIGURE 9.2 Data-Link and Physical layers
FIGURE 9.3 802.11 MAC header
FIGURE 9.4 Passive scanning
FIGURE 9.5 Active scanning
FIGURE 9.6 Authentication and association states
FIGURE 9.7 ACK control frame
FIGURE 9.8 Frame fragmentation
FIGURE 9.9 RTS/CTS duration values
FIGURE 9.10 RTS/CTS frame exchange
FIGURE 9.11 Legacy power management
FIGURE 9.12 WMM-PS
FIGURE 10.1 PCMCIA adapter/PC card
FIGURE 10.2 Mini PCI radio
FIGURE 10.3 ExpressCard radio
FIGURE 10.4 Desktop 802.11 PCI adapters
FIGURE 10.5 802.11 USB adapter
FIGURE 10.6 : Barcode scanner
FIGURE 10.7 Enterprise-class client utility
FIGURE 10.8 Wireless Zero Configuration service
FIGURE 10.9 Third-party client utility
FIGURE 10.10 WLAN architecture progression
FIGURE 10.11 Autonomous AP (Motorola AP-5131).
FIGURE 10.12 Autonomous AP topology
FIGURE 10.13 Lightweight access point (Aruba AP-61)
FIGURE 10.14 Autonomous or lightweight access point (HiPath Wireless AP2630 and AP2640)
FIGURE 10.15 WLAN controller (Aruba MMC-6000)
FIGURE 10.16 WLAN controller and IP tunneling—core layer
FIGURE 10.17 WLAN controller and IP tunneling—distribution layer
FIGURE 10.18 WLAN controller and IP tunneling—access layer
FIGURE 10.19 Virtual WLANs, virtual BSSIDs, and VLANs
FIGURE 10.20 Remote office WLAN controller (Motorola WS-2000)
FIGURE 10.21 Distributed WLAN architecture
FIGURE 10.22 Wireless workgroup bridge
FIGURE 10.23 Point-to-point WLAN bridging
FIGURE 10.24 Point-to-multipoint WLAN bridging
FIGURE 10.25 Common bridging challenge
FIGURE 10.26 Wireless LAN mesh network
FIGURE 10.27 EEG topology
FIGURE 10.28 Enterprise encryption gateway
FIGURE 10.29 WLAN array
FIGURE 10.30 Cooperative control topology
FIGURE 10.31 Active 802.11 RFID tag
FIGURE 10.32 RTLS application
FIGURE 10.33 VoWiFi phone (SpectraLink 8030)
FIGURE 10.34 Vocera Communications Badge
FIGURE 10.35 VoWiFi topology
FIGURE 12.1 Layer 2 retransmission statistics
FIGURE 12.2 Narrowband RF interference
FIGURE 12.3 Wideband RF interference
FIGURE 12.4 All-band RF interference
FIGURE 12.5 Multipath analysis troubleshooting tool
FIGURE 12.6 2.4 GHz nonoverlapping channels
FIGURE 12.7 5 GHz nonoverlapping channels
FIGURE 12.8 Signal-to-noise ratio
FIGURE 12.9 Mismatched AP and client power
FIGURE 12.10 The near/far problem
FIGURE 12.11 Hidden node—obstruction
FIGURE 12.12 Hidden node—large coverage cell
FIGURE 12.13 Hidden node—distributed antenna system
FIGURE 12.14 Hidden node and RTS/CTS
FIGURE 12.15 Dynamic rate switching
FIGURE 12.16 Data rate coverage zones
FIGURE 12.17 Frame transmission time
FIGURE 12.18 AirPcap provides multichannel monitoring and roaming analysis.
FIGURE 12.19 Layer 3 roaming boundaries
FIGURE 12.20 Co-channel interference
FIGURE 12.21 Adjacent cell interference: Access points with overlapping coverage cells transmit at the same time. The overlapping frequencies cause data corruption.
FIGURE 12.22 2.4 GHz multiple channel architecture
FIGURE 12.23 Clients and co-channel interference
FIGURE 12.24 5 GHz multiple channel architecture
FIGURE 12.25 Three-dimensional channel reuse
FIGURE 12.26 Single channel architecture
FIGURE 12.27 Zero handoff time
FIGURE 12.28 RF coverage of a building using three APs with few wireless stations
FIGURE 12.29 Cell sizing—multiple channel architecture
FIGURE 12.30 2.4 GHz channel stacking—single channel architecture
FIGURE 13.1 Static WEP encryption key and Initialization Vector
FIGURE 13.2 Transmission key
FIGURE 13.3 WEP encryption process
FIGURE 13.4 802.1X comparison—autonomous access point and WLAN controller
FIGURE 13.5 WLAN bridging and 802.1X
FIGURE 13.6 802.1X/EAP authentication
FIGURE 13.7 Wireless VLANs
FIGURE 13.8 Remote access VPN tunnel
FIGURE 14.1 Public Secure Packet Forwarding
FIGURE 14.2 NetStumbler
FIGURE 14.3 WEP-cracking utility
FIGURE 14.4 Offline dictionary attack
FIGURE 14.5 MAC spoofing software utility
FIGURE 14.6 Man-in-the-middle attack
FIGURE 14.7 Wireless intrusion detection system (WIDS)
FIGURE 14.8 WIDS management console and hardware sensor
FIGURE 14.9 Mobile WIDS locater tool
FIGURE 15.1 Topographic map
FIGURE 15.2 NEMA enclosure
FIGURE 15.3 Indoor enclosure
FIGURE 16.1 2.4 GHz spectrum analyzer
FIGURE 16.2 Microwave oven spectrum use
FIGURE 16.3 Starting coverage cell
FIGURE 16.4 Second coverage cell
FIGURE 16.5 Signal-to-noise ratio
FIGURE 16.6 VoWiFi cell recommendations
FIGURE 16.7 Proper use of semidirectional antennas
FIGURE 16.8 Omnidirectional and semidirectional antenna combination
FIGURE 16.9 WLAN site survey tripod (WiFi Surveyor—courtesy of Caster Tray)
FIGURE 16.10 Signal generator and wattmeter
FIGURE 16.11 Passive/active site survey utility
FIGURE 16.12 Commercial coverage analysis application (AirMagnet Survey © courtesy of AirMagnet, Inc.)
FIGURE 16.13 Assisted site survey
FIGURE 17.1 An Aruba 6000 wireless controller with PoE line card
FIGURE 17.2 Endpoint PSE, Alternative A
FIGURE 17.3 Endpoint PSE, Alternative B
FIGURE 17.4 Midspan PSE, Alternative B
FIGURE 17.5 Midspan power-sourcing equipment
FIGURE 17.6 Three PSE solutions
FIGURE 17.7 Fluke NetTool Series II inline network tester
FIGURE 18.1 2×3 and 3×3 MIMO
FIGURE 18.2 Multiple spatial streams
FIGURE 18.3 Maximal ratio combining (MRC)
FIGURE 18.4 Antenna arrays and beamforming
FIGURE 18.5 Transmit beamforming data
FIGURE 18.6 20 MHz non-HT (802.11a/g) channel
FIGURE 18.7 20 MHz HT (802.11n) channel
FIGURE 18.8 40 MHz HT (802.11n) channel
FIGURE 18.9 Channel bonding
FIGURE 18.10 Channel bonding—5 GHz UNII bands
FIGURE 18.11 Channel bonding—2.4 GHz ISM band
FIGURE 18.12 Guard interval
FIGURE 18.13 802.11n PPDU formats
FIGURE 18.14 802.11 unicast frame overhead
FIGURE 18.15 A-MSDU
FIGURE 18.16 A-MPDU
FIGURE 18.17 Block acknowledgments
FIGURE 18.18 Dual-CTS protection
FIGURE 18.19 Phased coexistence operation
FIGURE B.1 5 GHz PtMP—intentional radiator power regulations
FIGURE B.2 5 GHz PtMP—Equivalent isotropically radiated power (EIRP) regulations

001

Dear Reader,
 
Thank you for choosing CWNA: CertifiedWirelessNetworkAdministrator Official Study Guide. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.
 
Sybex was founded in 1976. More than thirty years later, we’re still committed to producing consistently exceptional books. With each of our titles we’re working hard to set a new standard for the industry. From the paper we print on, to the authors we work with, our goal is to bring you the best books available.
 
I hope you see all that reflected in these pages. I’d be very interested to hear your comments and get your feedback on how we’re doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at nedde@wiley.com, or if you think you’ve found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.
 
Best regards,
002
Neil Edde
Vice President and Publisher
Sybex, an Imprint of Wiley

We dedicate this book to all the men and women of the United States Armed Forces for putting their private lives aside to preserve and protect freedom. Thank you for your service and your sacrifice.

Acknowledgments
David Coleman would once again like to thank his children, Brantley and Carolina, for their patience and understanding of their father throughout the writing of this book. I love you kids very much. David would also like to thank his mother, Marjorie Barnes, and his stepfather, William Barnes, for many years of support and encouragement.
David Westcott would like to thank his parents, Kathy and George, who have provided so much support and love and from whom he has learned so much. He would also like to thank Janie, Jennifer, and Samantha for their patience and understanding of life on the road and for their support throughout the writing of this book.
Writing this edition of the CWNA Study Guide has been a rapid-fire version of writing the original book. Like writing the original book, it was an adventure from the start. We would like to thank all of the following individuals for their support and contributions during the entire process.
We must first thank the acquisitions editor of Sybex, Jeff Kellum, for initially finding us and bringing us on to this project four years ago. Jeff is an extremely patient and understanding editor who occasionally sends a nasty email message. We would also like to thank our development editor, Sara Barry and her special assistant Kathleen Avery Barry, who was born December 11, 2008—8 lbs. and 4 oz. We also need to send special thanks to our editorial manager Pete Gaughan and our production editor Rachel McConlogue, and Sharon Wilkey, our copyeditor.
We also need to give a big shout-out to our technical editor, Sam Coyl. Sam is a member of the IEEE with many years of practical experience in wireless communications. His contributions to the book were nothing short of invaluable. When Sam is not providing awesome technical editing, he is vice president of business development for Netrepid (www.netrepid.com), a wireless solutions provider.
We would also like to thank Devin Akin, Cary Chandler, Kevin Sandlin, Scott Turner, and Scott Williams of the CWNP program (www.cwnp.com). You gentlemen should be proud of the international renowned wireless certification program that you have developed. It has been a pleasure working with all of you the past seven years.
Thanks to Proxim and to Ken Ruppel (kenruppel@gmail.com) for allowing us to include the video Beam Patterns and Polarization of Directional Antennas on the CD-ROM. Many thanks to Andrew Potter for making himself available for our photography needs.
Special thanks goes to Andras Szilagyi for not only creating the EMANIM software program but for all the extra assistance he provided by creating a customized version of the program for the CD-ROM.
David Coleman would like to thank Wayne McAllister for his support and friendship over the past several years and for his “canary in the coal mine” analogy. David Coleman would also like to send a shout out to his homies in South Korea: Gene Connor, Rick McConnell, Ken Ring, and Joe Vowell.
We would also like to thank the following individuals and companies for their support and contributions to the book:
Aerohive Networks (www.aerohive.com)—Adam Conway
AeroScout (www.aeroscout.com)—Steffan Haithcox and Amit Larom
AirDefense (www.airdefense.net)—Nico Darrow, Ralf Deltrap, Bryan Harkins, and David Thomas
AirMagnet (www.airmagnet.com)—Dilip Advani, Chia Chee Kuan, and Joey Kuo
Aruba Networks (www.arubanetworks.com)—Chris Leach, Kevin Hamilton,
Carolyn Cutler, and Susan Wells
Berkeley Varitronics Systems (www.bvsystems.com)—Carmine Caferra
By Light (www.by-light.com)—Steve Hurdle
CACE Technologies (www.cacetech.com)—Janice Spampinato
Caster Tray (www.castertray.com)—Joel Baldevarona
Cisco Systems (www.cisco.com)—Joel Barrett, Neil Diener, and Paul Shiffer
Cushcraft (www.cushcraft.com)—Mark Miller
Fluke Networks (www.flukenetworks.com)—Carolyn Carter, Thomas Doumas, and Lori Whitmer
General Dynamics (www.generaldynamics.com)—Kevin Terrell
Honeywell (www.honeywell.com)—Ray Durham and Nik Wong
Juniper Networks (www.juniper.net)—Curt Hooper
Meru Networks (www.merunetworks.com)—Kamal Anand
Motorola (www.motorola.com)—Debra McDonald and Socrates Sakellaropoulos
NetStumbler (www.netstumbler.com)—Marius Milner
PacStar (www.www.pacstar.com)—Bob Forman
Polycom (www.polycom.com)—Tricia Allen, Justin Borthwick, Geri Mitchell-Brown, Jonathan Cherry, Michelle Chessler, David Gibbs, Keith Hayden, Kate Lepore, David Mangham, Barbara McVicker, Wylee Post, Ken Rains, Robin Raulf-Sager, Josh Redmore,
Steve Rolapp, Tom Thumser, Robert Tomer, Sue Yingling, and many others.
Potter Images (www.potterimages.com)—Andrew Potter
Proxim Wireless Corporation (www.proxim.com)—Ken Day, Pamela Valentine, and Amit Malhotra
Siemens (www.siemens.com)—Karl-Heinz Marks
Times Microwave Systems (www.timesmicrowave.com)—Joe Lanoue
Vocera (www.vocera.com)—Victoria Holl and Christopher O’Donnell
Wi-Fi Alliance (www.wifi.org)—Kelly Davis-Felner and Krista Ford

About the Authors
David D. Coleman is a wireless security/networking trainer and consultant. He teaches CWNP classes that are recognized throughout the world as the industry standard for wireless networking certification, and he also conducts vendor-specific Wi-Fi training. He has taught numerous “train-the-trainer” classes and “beta” classes for the CWNP program. David has instructed IT professionals from around the globe in wireless networking administration, wireless security, and wireless frame analysis. His company, AirSpy Networks (www.airspy.com), specializes in corporate training and has worked in the past with Avaya, Nortel, Polycom, and Siemens. AirSpy Networks also specializes in government classes and has trained numerous computer security employees from various law enforcement agencies, the U.S. Marines, the U.S. Army, the U.S. Navy, the U.S. Air Force, and other federal and state government agencies.
David is also a member of the CWNE Roundtable, a selected group of individuals who work with the CWNP Program to provide direction for the CWNE exam and certification. David resides in Atlanta, Georgia, where he shares a home with his two children, Carolina and Brantley. David Coleman is CWNE #4 and can be reached via email at david@airspy.com.
003
David Westcott is an independent consultant and technical trainer with more than 20 years of experience in information technology, specializing in wireless networking and security.
In addition to providing advice and direction to corporate clients, David has been a certified trainer for more than 16 years, providing training to government agencies, corporations, and universities around the world. David was an adjunct faculty member for Boston University’s Corporate Education Center for more than 10 years and has developed courseware on wireless networking, wireless mesh networking, wireless packet analysis, wired networking, and security for Boston University and many other clients.
Since installing his first wireless network in 1999, David has become a Certified Wireless Network Trainer, Administrator, Security Professional, and Analysis Professional. David is also a member of the CWNE Roundtable, a selected group of individuals who work with the CWNP Program to provide direction for the CWNE exam and certification. David has earned certifications from Cisco, Microsoft, EC-Council, CompTIA, and Novell. David lives in Concord, Massachusetts. A licensed pilot, he enjoys flying his Piper Cherokee 180 around New England when he is not flying around the world commercially. David is CWNE #7 and can be reached via email at david@westcott-consulting.com.
004

Foreword
Wireless LANs seem to be everywhere these days. The technology is advancing so rapidly that it seems almost impossible to stay abreast of all of the changes. The SOHO sector is adopting new WLAN technologies well before ratified amendments or interoperability certifications are in place for each technology. The SMB sector is slightly more cautious but often serves as a test bed for many leading-edge technologies. The enterprise has adopted 802.11 technology at an increasing pace over the past few years, and adoption has often been due to driving factors such as saving money, as with VoWiFi and device-tracking technologies, or being able to accomplish new business goals that could not be achieved without wireless technology.
Now that new Wi-Fi vendors aren’t popping up every other day and market consolidation has begun, we’re seeing some stabilization. With the reduced stream of new technologies and products, the focus is on educating and certifying people. CWNP is focused strictly on staying abreast of all facets of 802.11 technology: standards, products, and new technologies. The CWNA certification is the first step in the CWNP line of certifications and is focused on administering an enterprise 802.11 WLAN. CWNA includes topics such as 802.11 standards, security, management, protocol analysis, QoS, site surveying, and radio frequency. Additional certifications focus more intensely on security, protocol analysis, QoS, design, advanced surveying, VoWiFi, location tracking, and RF spectrum management.
David Coleman and David Westcott have worked as Certified Wireless Network Trainers (CWNTs) for as long as the CWNT certification has been available, and each was quick to pursue all CWNP certifications as they were released. Each has years of experience with a breadth of WLAN technologies and leading-edge products, which is obvious to their students and anyone working alongside them in the field. Having worked with each of these gentlemen for years, I can confidently say there could be no finer pair of seasoned trainers collaborating on a CWNA book. These WLAN veterans have devoted hundreds of hours to pouring their experience into this book, and the reader is assured to acquire a plethora of 802.11 knowledge. Mr. Coleman and Mr. Westcott have participated in the shaping of CWNP as a whole since its earliest days and have each added tremendous value to the CWNA certification specifically. I would like to thank each of these fine gentlemen for their unwavering support of CWNP, and I would like to congratulate them on their diverse accomplishments as engineers, trainers, and authors.
 
Devin Akin
Chief Technology Officer
The CWNP program

Introduction
If you have purchased this book or if you are thinking about purchasing this book, you probably have some interest in taking the CWNA® (Certified Wireless Network Administrator) certification exam or in learning more about what the CWNA certification exam is about. We would like to congratulate you on this first step, and we hope that our book can help you on your journey. Wireless networking is one of the hottest technologies on the market. As with many fast-growing technologies, the demand for knowledgeable people is often greater than the supply. The CWNA certification is one way to prove that you have the knowledge and skills to support this growing industry. This Study Guide was written with that goal in mind.
This book was written to help teach you about wireless networking so that you have the knowledge needed not only to pass the CWNA certification test, but also to be able to design, install, and support wireless networks. We have included review questions at the end of each chapter to help you test your knowledge and prepare for the test. We have also included labs, white papers, videos, and presentations on the CD to further facilitate your learning.
Before we tell you about the certification process and requirements, we must mention that this information may have changed by the time you are taking your test. We recommend that you visit www.cwnp.com as you prepare to study for your test to determine what the current objectives and requirements are.
005
Do not just study the questions and answers! The practice questions in this book are designed to test your knowledge of a concept or objective that is likely to be on the CWNA exam. The practice questions will be different from the actual certification questions. If you learn and understand the topics and objectives, you will be better prepared for the test.

About CWNA® and CWNP®

If you have ever prepared to take a certification test for a technology that you are unfamiliar with, you know that you are not only studying to learn a different technology, but probably also learning about an industry that you are unfamiliar with. Read on and we will tell you about CWNP.
is an abbreviation for Certified Wireless Network Professional. There is no CWNP test. The CWNP program develops courseware and certification exams for wireless LAN technologies in the computer networking industry. The CWNP certification program is a vendor-neutral program.
The objective of CWNP is to certify people on wireless networking, not on a specific vendor’s product. Yes, at times the authors of this book and the creators of the certification will talk about, demonstrate, or even teach how to use a specific product; however, the goal is the overall understanding of wireless, not the product itself. If you learned to drive a car, you had to physically sit and practice in one. When you think back and reminisce, you probably do not tell someone you learned to drive a Ford; you probably say you learned to drive using a Ford.
There are five wireless certifications offered by the CWNP program:
CWTSTM: Certified Wireless Technology Specialist The CWTS certification is the latest certification from the CWNP program. CWTS is an entry-level enterprise WLAN certification, and a recommended prerequisite for the CWNA certification. This certification is geared specifically toward both WLAN sales and support staff for the enterprise WLAN industry. The CWTS certification verifies that sales and support staff are specialists in WLAN technology and have all the fundamental knowledge, tools, and terminology to more effectively sell and support WLAN technologies.
CWNA®: Certified Wireless Network Administrator The CWNA certification is a foundation-level Wi-Fi certification; however, it is not considered an entry-level technology certification. Individuals taking this exam (exam PW0-104) typically have a solid grasp on network basics such as the OSI model, IP addressing, PC hardware, and network operating systems. Many candidates already hold other industry-recognized certifications, such as the CompTIA Network+ or Cisco CCNA, and are looking for the CWNA certification to enhance or complement existing skills.
CWSP®: Certified Wireless Security Professional The CWSP certification exam (PW0-200) is focused on standards-based wireless security protocols, security policy, and secure wireless network design. This certification introduces candidates to many of the technologies and techniques that intruders use to compromise wireless networks and that administrators use to protect wireless networks. With recent advances in wireless security, WLANs can be secured beyond their wired counterparts.
CWNE®: Certified Wireless Network Expert The CWNE certification is the highest-level certification in the CWNP program. By successfully completing the CWNE requirements, you will have demonstrated that you have the most advanced skills available in today’s wireless LAN market. The CWNE exam (PW0-300) focuses on advanced WLAN analysis, design, troubleshooting, quality-of-service (QoS) mechanisms, spectrum management, and extensive knowledge of the IEEE 802.11 standard as amended.
CWNT®: Certified Wireless Network Trainer Certified Wireless Network Trainers are qualified instructors certified by the CWNP program to deliver CWNP training courses to IT professionals. CWNTs are technical and instructional experts in wireless technologies, products, and solutions. To ensure a superior learning experience for our customers, CWNP Education Partners are required to use CWNTs when delivering training using official CWNP courseware.

How to Become a CWNA

To become a CWNA, you must do the following two things: agree that you have read and will abide by the terms and conditions of the CWNP Confidentiality Agreement and pass the CWNA certification test.
006
A copy of the CWNP Confidentiality Agreement can be found online at the CWNP website.
When you sit to take the test, you will be required to accept this confidentiality agreement before you can continue with the test. After you have agreed, you will be able to continue with the test, and if you pass the test, you are then a CWNA.
The information for the exam is as follows:
• Exam name: Wireless LAN Administrator
• Exam number: PW0-104
• Cost: $175 (in U.S. dollars)
• Duration: 90 minutes
• Questions: 60
• Question types: Multiple choice/multiple answer
• Passing score: 70 percent (80 percent for instructors)
• Available languages: English
• Availability: Register at Pearson VUE (www.vue.com/cwnp)
When you schedule the exam, you will receive instructions regarding appointment and cancellation procedures, ID requirements, and information about the testing center location. In addition, you will receive a registration and payment confirmation letter. Exams can be scheduled weeks in advance or, in some cases, even as late as the same day.
After you have successfully passed the CWNA exam, the CWNP program will award you a certification that is good for three years. To recertify, you will need to pass the current PW0-104 exam, the CWSP exam, or the CWNE exam. If the information you provided the testing center is correct, you will receive an email from CWNP recognizing your accomplishment and providing you with a CWNP certification number. After you earn any CWNP certification, you can request a certification kit. The kit includes a congratulatory letter, a certificate, and a wallet-sized personalized ID card. You will need to log in to the CWNP tracking system, verify your contact information, and request your certification kit.

Who Should Buy This Book?

If you want to acquire a solid foundation in wireless networking and your goal is to prepare for the exam, this book is for you. You will find clear explanations of the concepts you need to grasp and plenty of help to achieve the high level of professional competency you need in order to succeed.
If you want to become certified as a CWNA, this book is definitely what you need. However, if you just want to attempt to pass the exam without really understanding wireless, this Study Guide is not for you. It is written for people who want to acquire hands-on skills and in-depth knowledge of wireless networking.

How to Use This Book and the CD

We have included several testing features in the book and on the CD-ROM. These tools will help you retain vital exam content as well as prepare you to sit for the actual exam.
Before you begin At the beginning of the book (right after this introduction) is an assessment test that you can use to check your readiness for the exam. Take this test before you start reading the book; it will help you determine the areas that you may need to brush up on. The answers to the assessment test appear on a separate page after the last question of the test. Each answer includes an explanation and a note telling you the chapter in which the material appears.
Chapter review questions To test your knowledge as you progress through the book, there are review questions at the end of each chapter. As you finish each chapter, answer the review questions and then check your answers—the correct answers appear on the page following the last review question. You can go back and reread the section that deals with each question you answered wrong to ensure that you answer correctly the next time you are tested on the material.
Electronic flashcards You will find flashcard questions on the CD for on-the-go review. These are short questions and answers, just like the flashcards you probably used in school. You can answer them on your PC or download them onto a Palm device for quick and convenient reviewing.
Test engine The CD also contains the Sybex Test Engine. With this custom test engine, you can identify weak areas up front and then develop a solid studying strategy that includes each of the robust testing features described previously. Our thorough readme file will walk you through the quick, easy installation process.
In addition to the assessment test and the chapter review questions, you will find three bonus exams. Use the test engine to take these practice exams just as if you were taking the actual exam (without any reference material). When you have finished the first exam, move on to the next one to solidify your test-taking skills. If you get more than 95 percent of the answers correct, you are ready to take the certification exam.
Labs and exercises Several chapters in this book have labs that use software, spreadsheets, and videos that are also provided on the CD-ROM that is included with this book. These labs and exercises will provide you with a broader learning experience by providing hands-on experience and step-by-step problem solving.
White papers Several chapters in this book reference wireless networking white papers that are also provided on the CD-ROM included with this book. These white papers serve as additional reference material for preparing for the CWNA exam.

Exam Objectives

The CWNA exam measures your understanding of the fundamentals of RF behavior, your ability to describe the features and functions of wireless LAN components, and your knowledge of the skills needed to install, configure, and troubleshoot wireless LAN hardware peripherals and protocols.
The skills and knowledge measured by this examination were derived from a survey of wireless networking experts and professionals. The results of this survey were used in weighing the subject areas and ensuring that the weighting is representative of the relative importance of the content.
The following chart provides the breakdown of the exam, showing you the weight of each section:
Subject Area % of Exam
Radio frequency (RF) technologies21%
802.11 regulations and standards17%
802.11 protocols and devices17%
802.11 network implementation17%
802.11 network security10%
802.11 RF site surveying18%
Total 100%

Radio Frequency (RF) Technologies—21%

1.1. RF Fundamentals

1.1.1. Define and explain the basic concepts of RF behavior.
• Gain
• Loss
• Reflection
• Refraction
• Diffraction
• Scattering
• VSWR
• Return loss
• Amplification
• Attenuation
• Absorption
• Wave propagation
• Free space path loss
• Delay spread

1.2. RF Mathematics

1.2.1. Understand and apply the basic components of RF mathematics.
• Watt
• Milliwatt
• Decibel (dB)
• dBm
• dBi
• dBd
• SNR
• RSSI
• System operating margin (SOM)
• Fade margin
• Link budget
• Intentional radiator
• Equivalent isotropically radiated power (EIRP)

1.3. RF Signal and Antenna Concepts

1.3.1. Identify RF signal characteristics, the applications of basic RF antenna concepts, and the implementation of solutions that require RF antennas.
• Visual LOS
• RF LOS
• Fresnel zone
• Beamwidths
• Azimuth and elevation
• Passive gain
• Isotropic radiator
• Polarization
• Simple antenna diversity
• MIMO diversity
• Radio chains
• Spatial multiplexing (SM)
• Transmit beam forming (TxBF)
• Maximal ratio combining (MRC)
• Wavelength
• Frequency
• Amplitude
• Phase
1.3.2. Explain the applications of physical RF antenna and antenna system types and identify their basic attributes, purpose, and function.
• Omnidirectional/dipole antennas
• Semidirectional antennas
• Highly directional antennas
• Sectorized antennas
1.3.3. Describe the proper locations and methods for installing RF antennas.
• Pole/mast mount
• Ceiling mount
• Wall mount

1.4. RF Antenna Accessories

1.4.1. Identify the use of the following WLAN accessories and explain how to select and install them for optimal performance and regulatory domain compliance.
• Amplifiers
• Attenuators
• Lightning arrestors
• Mounting systems
• Grounding rods/wires
• Towers, safety equipment, and concerns
• RF cables
• RF connectors
• RF signal splitters

IEEE 802.11 Regulations and Standards—17%

2.1. Spread Spectrum Technologies

2.1.1. Identify some of the uses for spread spectrum technologies.
• Wireless LANs
• Wireless PANs
• Wireless MANs
• Wireless WANs
2.1.2. Comprehend the differences between, and explain the different types of, spread spectrum technologies and how they relate to the IEEE 802.11-2007 standard’s (as amended and including IEEE 802.11n draft 2.0) PHY clauses.
• DSSS
• HR-DSSS
• ERP
• OFDM
• HT (MIMO)
2.1.3. Identify the underlying concepts of how spread spectrum technology works.
• Modulation
• Coding
2.1.4. Identify and apply the concepts that make up the functionality of spread spectrum technology.
• Colocation
• Channel centers and widths (all PHYs)
• Primary and secondary channels
• Overlapping and nonoverlapping channels
• Carrier frequencies
• Throughput vs. data rate
• Bandwidth
• Communication resilience
• Physical carrier sense (CSMA/CA)
• Virtual carrier sense (NAV)

2.2. IEEE 802.11-2007 Standard (as amended and including 802.11n draft 2.0)

2.2.1. Identify, explain, and apply the frame types and frame exchange sequences covered by the IEEE 802.11-2007 standard.
2.2.2 Identify and apply regulatory domain requirements.
• Dynamic frequency selection (DFS)
• Transmit power control (TPC)
• Available channels
• Output power
2.2.3 OSI model layers affected by the 802.11-2007 standard and amendments
2.2.4 Use of ISM and UNII bands in Wi-Fi networks
2.2.5 Supported data rates for each IEEE 802.11-2007 PHY

2.3. 802.11 Industry Organizations and Their Roles

2.3.1. Define the roles of the following organizations in providing direction, cohesion, and accountability within the WLAN industry.
• Regulatory domain governing bodies
• IEEE
• Wi-Fi Alliance

802.11 Protocols and Devices—17%

3.1. 802.11 Protocol Architecture

3.1.1. Summarize the processes involved in authentication and association.
• The 802.11 state machine
• Open System authentication, Shared Key authentication, and deauthentication
• Association, reassociation, and disassociation
• Deauthentication
3.1.2. Define, describe, and apply the following concepts associated with WLAN service sets.
• Stations and BSSs
• Starting and joining a BSS
• BSSID and SSID
• Ad Hoc mode and IBSS
• Infrastructure mode and ESS
• Distribution system (DS)
• Distribution system medium (DSM)
• Layer 2 and layer 3 roaming
3.1.3. Explain and apply the following power-management features of WLANs.
• Active mode
• Power Save mode
• Unscheduled automatic power save delivery (U-APSD)
• WMM Power Save (WMM-PS)
• Power Save Multi Poll (PSMP)
• Spatial multiplexing power save (SMPS)
• TIM / DTIM /ATIM

3.2. 802.11 MAC and PHY Layer Technologies

3.2.1. Describe and apply the following concepts surrounding WLAN frames.
• IEEE 802.11 frame format vs. IEEE 802.3 frame format
• Layer 3 protocol support by IEEE 802.11 frames
• Terminology review: frames, packets, and datagrams
• Terminology review: bits, bytes, and octets
• Terminology: MAC and PHY
• Guard interval (GI)
• PSDU
• PPDU
• PPDU formats
• MSDU
• MPDU
• A-MPDU
• A-MSDU
• 802.11 frame format
• 802.11 frame types
• Interframe spaces (RIFS, SIFS, PIFS, DIFS, AIFS, EIFS)
• Block acknowledgments
• Jumbo frame support (layer 2)
• MTU discovery and functionality (layer 3)
3.2.2. Identify methods described in the IEEE 802.11-2007 standard for locating, joining, and maintaining connectivity with an 802.11 WLAN.
• Active scanning (probes)
• Passive scanning (beacons)
• Dynamic rate switching
3.2.3. Define, describe, and apply 802.11 coordination functions and channel access methods and features available for optimizing data flow across the RF medium.
• DCF and HCF coordination functions
• EDCA channel access method
• RTS/CTS and CTS-to-Self protocols
• HT Dual-CTS protection
• HT L-SIG protection
• HT channel width operation (20 MHz, 20/40 MHz, PCO)
• HT operation modes (0, 1, 2, 3)
• Fragmentation

3.3. WLAN Infrastructure and Client Devices

3.3.1. Identify the purpose of the following WLAN infrastructure devices and describe how to install, configure, secure, and manage them.
• Autonomous access points
• Lightweight access points
• Mesh access points/routers
• Enterprise WLAN controllers
• Remote office WLAN controllers
• PoE injectors (single and multiport) and PoE-enabled Ethernet switches
• WLAN bridges
• Residential WLAN gateways
• Enterprise encryption gateways
3.3.2. Describe the purpose of the following WLAN client devices and explain how to install, configure, secure, and manage them.
• PC Cards (ExpressCard, CardBus, and PCMCIA)
• USB2, CF, and SD devices
• PCI, Mini PCI, and Mini PCIe cards
• Workgroup bridges

802.11 Network Implementation—17%

4.1. 802.11 Network Design, Implementation, and Management

4.1.1. Identify technology roles for which WLAN technology is appropriate and describe implementation of WLAN technology in those roles.
• Corporate data access and end-user mobility
• Network extension to remote areas
• Building-to-building connectivity (bridging)
• Last-mile data delivery (wireless ISP)
• Small office/home office (SOHO) use
• Mobile office networking
• Educational/classroom use
• Industrial (warehousing and manufacturing)
• Healthcare (hospitals and offices)
• Hotspots (public network access)
• Municipal networks
• Transportation networks (trains, planes, automobiles)
• Law enforcement networks

4.2. 802.11 Network Troubleshooting

4.2.1. Identify and explain how to solve the following WLAN implementation challenges by using features available in enterprise-class WLAN equipment.
• System throughput
• Co-channel and adjacent-channel interference
• RF noise and noise floor
• Narrowband and wideband RF interference
• Multipath (in SISO and MIMO environments)
• Hidden nodes
• Near/far
• Weather

4.3. Power over Ethernet (PoE)

4.3.1. IEEE 802.3-2005, clause 33 (formerly IEEE 802.3af)
4.3.2. Powering HT (IEEE 802.11n) devices
• Proprietary midspan and endpoint PSEs
• IEEE 802.3at draft midspan and endpoint PSEs

4.4. WLAN Architectures

4.4.1. Define, describe, and implement autonomous APs.
• Network connectivity
• Common feature sets
• Configuration, installation, and management
• Advantages and limitations
• QoS and VLANs
4.4.2. Define, describe, and implement WLAN controllers that use centralized and/or distributed forwarding.
• Network connectivity
• Core, distribution, and access layer forwarding
• Lightweight, mesh, and portal APs
• WLAN profiles
• Multiple BSSIDs per radio
• Scalability
• Intra- and inter-controller station handoffs
• Configuration, installation, and management
• Advantages and limitations
• Tunneling, QoS, and VLANs
4.4.3. Define, describe and implement a WNMS that manages autonomous APs, WLAN controllers, and mesh nodes.
• Network connectivity
• Common feature sets
• Configuration, installation, and management
• Advantages and limitations
4.4.4. Define, describe, and implement a multiple channel architecture (MCA) network model.
• BSSID/ESSID configuration
• Site surveying methodology
• Network throughput capacity
• Co-channel and adjacent-channel interference
• Cell sizing (including micro-cell)
4.4.5. Define, describe, and implement a single channel architecture (SCA) network model.
• BSSID/ESSID configuration (including virtual BSSIDs)
• Site surveying methodology
• Network throughput capacity
• Co-channel and adjacent-channel interference
• Cell sizing
• Transmission coordination
• Channel stacking
4.4.6. Define and describe alternative WLAN architectures.
• WLAN arrays
• Cooperative control
• Mesh networks

802.11 Network Security—10%

5.1. 802.11 Network Security Architecture

5.1.1. Identify and describe the strengths, weaknesses, appropriate uses, and implementation of the following IEEE 802.11 security-related items.
• Legacy security mechanisms
• WEP cipher suite
• Open System authentication
• Shared Key authentication
• MAC filtering
• SSID hiding
• Modern security mechanisms
• WPA-/WPA2-Enterprise
• WPA-/WPA2-Personal
• Wi-Fi protected setup (WPS)
• TKIP and CCMP cipher suites
• 802.1X/EAP framework
• Preshared key (PSK)/passphrase authentication
• Additional mechanisms
• Secure device management protocols (HTTPS, SNMPv3, SSH2)
• Role-based access control (RBAC)

5.2. 802.11 Network Security Analysis, Performance Analysis, and Troubleshooting